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AMENDMENTS TO THE CLAIMS 

The following is a complete listing of claims as filed in the continuation: 

1. In a client system that includes various client system components, and that is 
configured to receive one or more scripts from one or more script sources, the client system also 
including one or more objects that are configured to control properties and features of the client 
system components, a method of selectively granting or denying a script access to one or more of 
the objects, comprising acts of: 

receiving, at the client system, a script from a script source, the script requesting 
access to a particular system object; 

accessing an access control data structure that is independent of the script and 
making a determination that the script is authorized to access the particular system object 
based on one or more permissions that are associated with the script source and the 
particular system within the access control data structure; 

selectively granting the script access to the particular system object based on the 
determination. 

2. A method as defined in claim 1, wherein: 

the method fiirther comprises an act of storing, at the client system the access 
control data structure, wherein the access control data structure includes having one or 
more entries, each entry being associated with an object and including a source identifier 
representing one or more information sources and a permission identifier defining a 
permission; and 

the act of making the determination comprises acts of: 

identifying an entry of the access control data structure that is associated 

with the particular object and has a source identifier representing the information 

source from which the script has been received; and 

applying the permission defined by the permission identifier included in 

the identified entry to the script. 
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3. A method as defined in claim 1, wherein the particular object is a document 
object relating to a document displayed by the browser. 

4. A method as defined in claim 1, wherein the particular object is a browser object 
relating to the browser other than any document displayed by the browser. 

5. A method as defined in claim 1, wherein the particular object is a system object 
relating to a component of the client system other than the browser and any document displayed 
by the browser. 
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6. In a client system that includes various client system components, and that is 
configured to receive one or more scripts from one or more script sources, the client system also 
including one or more objects that are configured to control properties and features of the client 
system components, a method of selectively granting or denying a script access to one or more of 
the objects, comprising acts of: 

storing at the client system an access control data structure having one or more 
entries, each entry being associated with an object for which access is to be controlled 
and including a source identifier representing one or more script sources and a permission 
identifier defining a permission; 

receiving a script from a particular script source, wherein the script, if fiiUy 
executed by the browser, would request access to a particular object; 

identifying an entry of the access control data structure that is associated with the 
particular object and has a source identifier representing the particular script source; and 
applying the permission defined by the permission identifier included in the identified 
entry to the script such that access by the script to the particular object is based upon one or more 
permissions that are associated with the script source and the particular system object. 

7. A method as defined in claim 6, wherein the identified entry is associated with 
and controls access to only one system object. 

8. A method as defined in claim 6, wherein the applied permission is a write 
permission, the method fiirther comprising: 

an act of executing the script such that the script accesses the particular object; 

and 

an act of modifying the particular object by the script. 

9. A method as defined in claim 6, wherein the applied permission specifies that 
access to the particular object by the script is denied, the method fiirther comprising an act of 
denying the script access to the particular object. 
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10. A method as defined in claim 6, wherein the source identifier corresponds to a 
universal resource locator of the one or more script sources that the source identifier represents. 

11. A method as defined in claim 10, wherein the act of identifying an entry of the 
access control data structure comprises an act of comparing the source identifiers of the entries 
with the universal resource locator of the script source. 
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12. A method as defined in claim 6, wherein the script, if fully executed, would 
request access to at least two system objects, including the particular object and a second object, 
the method further comprising acts of: 

identifying a second entry of the access control data structure, wherein the second entry is 
associated with the second object the source identifier of the second entry represents the 
particular script source; and 

applying the permission defined by the permission identifier included in the 
second entry to the script such that access by the script to the second object is controlled. 

13. A method as defined in claim 12, wherein the permission defined by the 
permission identifier included in the identified entry is different than the permission defined by 
the permission identifier included in the second entry. 

14. A method as defined in claim 6, further comprising acts of: 

receiving a second script from the particular script source, wherein the second script, if 
fully executed by the browser, would request access to a second object; 

identifying a second entry of the access control data structure, wherein the second 
entry is associated with the second object and the source identifier of the second entry 
represents the particular script source; and 

applying the permission defined by the permission identifier included in the 
second entry to the second script such that access by the second script to the second 
object is controlled. 

15. A method as defined in claim 14, wherein the permission defined by the 
permission identifier included in the identified entry is different than the permission defined by 
the permission identifier included in the second entry. 
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16. A computer program product for use in a client system that includes various client 
system components, and that is configured to receive one or more scripts from one or more script 
sources, the client system also including one or more objects that are configured to control 
properties and features of the client system components, the computer program product 
comprising: 

one or more computer-readable media having computer-executable instructions 
for implementing a method of selectively granting or denying a script access to one or 
more of the objects, comprising acts of: 

receiving, at the client system, a script fi-om a script source, the script 
requesting access to a particular system object; 

accessing an access control data structure that is independent of the script 
and making a determination that the script is authorized to access the particular 
system object based on one or more permissions that are associated with the script 
source and the particular system within the access control data structure; 

selectively granting the script access to the particular system object based 
on the determination. 
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17. A computer program product as recited in claim 1 6, wherein: 

the method further comprises an act of storing, at the client system the access 
control data structure, wherein the access control data structure includes one or more 
entries, each entry being associated with an object and including a source identifier 
representing one or more information sources and a permission identifier defining a 
permission; and 

the act of making the determination comprises acts of: 

identifying an entry of the access control data structure that is associated 

with the particular object and has a source identifier representing the information 

source from which the script has been received; and 

applying the permission defined by the permission identifier included in 

the identified entry to the script. 

18. A computer program product as recited in claim 17, wherein the applied 
permission is a write permission, the method further comprising: 

an act of executing the script such that the script accesses the particular object; 

and 

an act of modifying the particular object by the script. 

19. A computer program product as recited in claim 17, wherein the source identifier 
corresponds to a universal resource locator of the one or more script sources that the source 
identifier represents. 

20. A computer program product as recited in claim 1 7, wherein the act of identifying 
an entry of the access control data structure comprises an act of comparing the source identifiers 
of the entries with the universal resource locator of the script source. 

21. A computer program product as recited in claim 16, wherein the particular object 
is a document object relating to a document displayed by the browser. 
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22. A computer program product as recited in claim 16, wherein the particular object 
is a browser object relating to the browser other than any document displayed by the browser. 
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